Additional Resources

Mark's Webcasts

Watch free on-demand recordings of Mark’s top-rated presentations from TechEd, BUILD and other conferences on Azure, security, Windows troubleshooting, malware hunting. If you have a question about a topic in any of these webcasts, please visit the
Sysinternals Forum for answers and help from other users and our moderators.

Windows Azure

The rise of public cloud computing has brought with it a new set of security considerations that are not widely understood. With a unique perspective from working on the security systems of a public cloud, Mark describes public cloud service provider and cloud customer threats, including malicious insiders, shared technology, data breaches, and data loss. For each, he assesses the risks and explores the value of mitigations like encryption-at-rest, encryption-in-flight, and other security best practices, separating hype from reality so that you can make educated decisions as your organization moves to the cloud.

Join Mark Russinovich and Mark Minasi for a lively discussion as they share their views on the cloud computing disruption and what it means for IT pros and developers. Mark Russinovich brings his perspective from leading Microsoft Azure architecture and Mark Minasi brings his IT expertise and view from outside. The economics of public cloud, future of PaaS and IaaS, how enterprises will bridge their on-premises environments with the cloud, how you should look at security in the public cloud, and what skills are important for IT pros and developers are just some of the areas they explore together.

This session gives an overview of the new Windows Azure infrastructure services (IaaS), including support for Windows Server and Linux persistent virtual machines, new networking capabilities for hybrid applications and on-premises/cloud connectivity, and support for applications that consist of PaaS and IaaS roles. Mark explains how IaaS fits into Windows Azure to extend existing server applications to cloud and shows demonstrations of IaaS VM deployment and complex multi-VM applications.

Mark Russinovich goes under the hood of the Microsoft datacenter operating system. Intended for developers who have already gotten their hands dirty with Windows Azure and understand its basic concepts, this session gives an inside look at the architectural design of the Windows Azure compute platform. Learn about Microsoft’s data center architecture, what goes on behind the scenes when you deploy and update a Windows Azure app and how it monitors and responds to the health of machines, its own components, and the apps it hosts.

Join Mark Russinovich for an overview of Microsoft’s new cloud OS. Assuming no prior knowledge of Windows Azure, this session will start by explaining the Windows Azure Platform-as-a-Service (PaaS) app philosophy and how it differs from that of traditional server apps. Then, demonstrating key concepts with a real Windows Azure service built and deployed to the cloud, we’ll describe the Windows Azure service model, including concepts like update and fault domains. The session will then conclude by discussing the different service update options and detail the recovery steps Windows Azure follows when it detects that a service or a hardware device has failed.

Mark Russinovich goes under the hood of Microsoft’s new cloud OS. Intended for developers who have already gotten their hands dirty with Windows Azure and understand its basic concepts, this session gives an inside look at the architectural design of Windows Azure’s compute platform. You’ll learn about Microsoft’s data center architecture, what goes on behind the scenes when you deploy and update a Windows Azure app and how it monitors and responds to the health of machines, its own components and the apps it hosts.

Windows Internals

Mark, Arun Kishan and Landy Wang describe many of the core improvements to Windows that make Windows 7 more reliable, responsive, and scalable than previous versions of Windows. Learn about the kernel dispatcher lock and other parallelization, large page support, memory footprint reduction, NUMA enhancements, and more.

Watch as Mark explains Windows limits related to object handles, virtual memory and physical memory. Along the way he explains where the limits come from and how to monitor your applications so that you're warned when they approach the limits and so that you can size your systems to accommodate their resource requirements.

Mark takes you inside new Windows virtualization and VHD features, including live VM migration, core parking and timer coalescing, hypervisor power management support, and new hardware-assisted guest memory management. He delivers the entire presentation from a Windows installation that was booted from VHD to show you how Windows implements a native VHD stack and how the boot architecture has changed to accommodate booting from VHD images.

Mark talks about kernel changes in Windows 7 and Windows Server 2008 R2, including the removal of the scheduler's dispatcher lock, support for up to 256 CPUs, boot from VHD, MinWin, core parking for power savings and more.

In a follow-on to the previous Inside Windows 7 discussion, Mark digs into the insides of Windows 7, way deep down in the system (the culmative effects of which help to make Windows 7 Microsoft's most reliable, scalable and efficient general purpose operating system to date).

Channel 9 chats with Technical Fellow and
Sysinternals founder Mark Russinovich to dig a bit into what's new in the Windows Server 2008 kernel. Of course, we talk about many things including HyperV, application virtualization, kernel architecture, and more....

Security

Pass-the-hash transforms the breach of one machine into total compromise of infrastructure. The publication of attacks, and lack of tools to respond, have forced enterprises to rely on onerous and ineffective techniques. In this session, we deconstruct the PtH threat, show how the attack is performed, and how it can be addressed using new features and functionality recently introduced in Windows.

Mark provides an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. He demonstrates their malware-hunting capabilities by presenting several current, real-world malware samples and using the tools to identify and clean malware.

This session provides an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. You will see demos for their malware-hunting capabilities through several real-world cases that used the tools to identify and clean malware, and conclude by performing a live analysis of a Stuxnet infection’s system impact.

In this TechEd/ITForum session Mark goes inside the various technologies that come under the umbrella name User Account Control (UAC), explaining their role and how the work. Mark concludes with a look at how UAC will affect the evolution of malware.

Defrag Tools

Episodes 1 – 12 of the Defrag Tools shows focus on Sysinternals tools. Each episode covers a specific tool used on the tech support show
Defrag, covering when and why to use the tools, and providing tips on how to get the most out of them: